Open Source Security: 10 Commercial Vendors
Open source software is making its mark on the commercial security space. Here are ten companies selling everything from security scanners to firewalls.
Can companies make money by selling a product customers can get for free?
Absolutely, yes. According to IDC, organizations spent $1.8 billion on stand-alone open source software in 2006, and IDC projects that total revenues in this market will reach $5.8 billion by 2011.
Eager to get in on that action, a number of software companies are now offering commercial security software based on open source code. While some vendors hide their use of open source, most of this new batch of companies openly promote open source as a feature of the product. And they say their customers are enthusiastically responding.
Why choose open source?
Why are customers so attracted to open source software? According to the vendors, it comes down to cost and flexibility. Dirk Morris, founder and CTO at Untangle, explains, "Our customers usually employ between 30 and 150 people. They're small business, and some schools, who can't afford proprietary solutions, but need to secure their networks."
Playing up the flexibility angle, Dave Roberts, VP of Strategy and Marketing at Vyatta, adds, "Our customers tell us that switching to open-source is tremendously liberating. They're no longer forced to put up with bad business practices that they often encounter on the proprietary side."
It also doesn't hurt that open-source security software often performs better than closed-source alternatives. "We always knew we were going to harness third-party applications [in Untangle]," says Morris. "We tried a lot of them and found that the open-source solutions were better architected and more effective, which was surprising to us at the time."
"It's not that open-source is inherently more secure." elaborates Roberts. "All code has bugs. The big distinction is in how security incidents get handled." While closed-source vendors can choose to keep a potential security breach quiet until the next product release, open-source vendors have no choice but to fix problems as soon as possible.
Why pay for something that's free?
So why would anyone pay for the commercial version of software that they could get for free? In most cases, the answer is "support." Nearly all of the vendors on our list charge an annual subscription for telephone and/or online support.
The other big reason for choosing one of these products is convenience. Some, like both Untangle and Vyatta, combine a number of different products into a single solution that simplifies installation and management. Some also offer pre-configured appliances or servers that make installation even easier.
Finally, some of the products offer expanded features that aren't available in the free versions. In most cases, these expanded features are aimed at the lucrative enterprise market, which has a greater need for scalability and reliability.
10 Commercial Open-Source Security Vendors
According to its Web site, the Untangle Gateway Platform is "the world's first commercial-grade open source solution for blocking spam, spyware, viruses, adware and unwanted content on the network." Their product is an amalgamation of some of the best open-source security software available (including SpamAssassin, ClamAV, and Snort) plus some code Untangle developed on its own. Price: $25 and up (depending on the size of the network).
Vyatta (vee-AH-ta) offers an open source networking solution that includes a router, firewall, and VPN. The Community Edition with community support is available free of charge. The Professional Subscription provides online support, and the Enterprise Subscriptions provides telephone support. Vyatta also offers pre-configured appliances. Price: $647 and up.